StopRansomware: AvosLocker Ransomware (Update)

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this Joint Cybersecurity Advisory to disseminate known tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with the AvosLocker variant identified through FBI investigations as recently as May 2023.
AvosLocker operates under a ransomware-as-a-service (RaaS) model. AvosLocker affiliates have compromised organizations across multiple critical infrastructure sectors in the United States, affecting Windows, Linux, and VMware ESXi environments. AvosLocker affiliates compromise organizations’ networks by using legitimate software and open-source remote system administration tools. AvosLocker affiliates then use exfiltration-based data extortion tactics with threats of leaking and/or publishing stolen data.
This advisory updates the March 17, 2022, AvosLocker ransomware Joint Cybersecurity Advisory released by FBI and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). This update includes TTPs and IOCs not included in the previous advisory and a YARA rule FBI developed after analyzing a tool associated with an AvosLocker compromise.